Posts tagged Metasploit

2 min Metasploit

Metasploit Weekly Wrap-Up 05/03/24

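Dump secrets inline This week, our very own cdelafuente-r7 [http://github.com/cdelafuente-r7] added a significant improvement to the well-known Windows Secrets Dump module [http://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/windows_secrets_dump.rb] to reduce the memory footprint when dumping SAM hashes, LSA secrets and cached credentials. The module now reads the Windows Registry remotely and directly, without dumping the full registry keys to disk and parsing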

4 min Metasploit

Metasploit Weekly Wrap-Up 04/26/24

Rancher Modules This week, Metasploit community member h00die [http://github.com/h00die] added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application intended to manage Kubernetes clusters. These are a great addition to Metasploit's coverage for testing Kubernetes environments [http://docs.metasploit.com/docs/pentesting/metasploit-guide-kubernetes.html]. PAN-OS RCE Metasploit also released an e

2 min Events

Take Command Summit on May 21: Turning Breaches from Inevitable to Preventable

Registration is now open for Take Command, a day-long virtual summit held in partnership with AWS. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.

2 min Metasploit

Metasploit Weekly Wrap-Up 04/19/24

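Welcome Ryan and the new CrushFTP module It's not every week that we add an awesome new exploit module to the Framework while also adding the original discoverer of the vulnerability to the Rapid7 team. We are very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works with Metasploit at Rapid7. Ryan discovered an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in CrushFTP versions prior to 10.5.1 (CVE-2023-43177) whic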

3 min Metasploit

Metasploit Weekly Wrap-Up 04/12/24

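Account Takeover using Shadow Credentials The new release of Metasploit Framework includes a Shadow Credentials module added by smashery [http://github.com/rapid7/metasploit-framework/pull/19051] for reliably taking over an Active Directory user account or computer and letting future authentication happen as that account. This can be chained with other modules in Metasploit Framework, such as windows_secrets_dump. Details The module targets a "victim" account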

3 min Metasploit

Metasploit Weekly Wrap-Up 04/05/2024

New ESC4 Templates for AD CS Metasploit added capabilities [http://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html] for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique has been supported for some time now, thanks to the ad_cs_cert_templates module, which lets users read and write certificate template objects. This facilitates the exploitation of the ESC4 misconfiguration in

3 min Metasploit

Metasploit Weekly Wrap-Up 03/29/2024

Metasploit adds three new exploit modules, including an RCE for SharePoint.

12 min Metasploit

Metasploit Framework 6.4 Released

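Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 [http://3gwd.ibelstaffjackets.com/blog/post/2023/01/30/metasploit-framework-6-3-released/], and the team has added many new features and improvements since then. Members of the press, please contact press@ibelstaffjackets.com. Kerberos Improvements Metasploit 6.3 included initial support for Kerberos authentication within Metasploit and was one of the larger features i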

2 min Metasploit

Metasploit Weekly Wrap-Up 03/22/2024

New module content (1) OpenNMS Horizon Authenticated RCE Author: Erik Wynter Type: Exploit Pull request: #18618 [http://github.com/rapid7/metasploit-framework/pull/18618] contributed by ErikWynter [http://github.com/ErikWynter] Path: linux/http/opennms_horizon_authenticated_rce AttackerKB reference: CVE-2023-0872 [http://attackerkb.com/search?q=CVE-2023-0872?referrer=blog] Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as t

2 min Metasploit

Metasploit Wrap-Up 03/15/2024

New module content (3) GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: #18716 [http://github.com/rapid7/metasploit-framework/pull/18716] contributed by h00die [http://github.com/h00die] Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 [http://attackerkb.com/search?q=CVE-2023-7028?referrer=blog] Description: This adds an exploit module that leverages an account takeover vulnerability to take contr

3 min Metasploit

Metasploit Wrap-Up 03/08/2024

New module content (2) GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: #18821 [http://github.com/rapid7/metasploit-framework/pull/18821] contributed by n00bhaxor [http://github.com/n00bhaxor] Path: gather/gitlab_tags_rss_feed_email_disclosure AttackerKB reference: CVE-2023-5612 [http://attackerkb.com/search?q=CVE-2023-5612?referrer=blog] Description: Adds an auxiliary module that leverages an information disclosure vulnerability (CVE

2 min Metasploit

Metasploit Weekly Wrap-Up 03/01/2024

Metasploit adds an RCE exploit for ConnectWise ScreenConnect and new documentation for exploiting ESC13.

4 min Metasploit

Metasploit Weekly Wrap-Up 02/23/2024

LDAP Capture module Metasploit now has an LDAP capture module by JustAnda7 [http://github.com/JustAnda7]. This work was completed as part of the Google Summer of Code program. When the module runs, by default it will require privileges to listen on port 389. The module implements a default implementation for BindRequest, SearchRequest and UnbindRequest, and will capture plaintext credentials and NTLM hashes which can be brute-forced offline. Upon receiving a successful Bin

5 min Metasploit

Metasploit Weekly Wrap-Up 02/16/2024

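New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads [http://3gwd.ibelstaffjackets.com/blog/post/2023/05/25/fetch-payloads-a-shorter-path-from-command-injection-to-metasploit-session/], and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded that protocol support to include SMB, allowing payloads to be run using rundll3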

2 min Metasploit

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint, which is used during the product's initial setup to create the first administrator user. After setup has completed, this endpoint is supposed to be no longer available. Attackers can use this vulnerability